nixpkgs/nixos/modules/programs/wireshark.nix

{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.programs.wireshark;
  wireshark = cfg.package;
in {
  options = {
    programs.wireshark = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to add Wireshark to the global environment and configure a
          setcap wrapper for 'dumpcap' for users in the 'wireshark' group.
        '';
      };
      package = mkOption {
        type = types.package;
        default = pkgs.wireshark-cli;
        defaultText = "pkgs.wireshark-cli";
        description = ''
          Which Wireshark package to install in the global environment.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    environment.systemPackages = [ wireshark ];
    users.groups.wireshark = {};

    security.wrappers.dumpcap = {
      source = "${wireshark}/bin/dumpcap";
      capabilities = "cap_net_raw+p";
      owner = "root";
      group = "wireshark";
      permissions = "u+rx,g+x";
    };
  };
}
nixos: add programs.wireshark option To be able to use Wireshark as an ordinary user, the 'dumpcap' program must be installed setuid root. This module module simplifies such a configuration to simply: programs.wireshark.enable = true; The setuid wrapper is available for users in the 'wireshark' group. Changes v1 -> v2: - add "defaultText" to the programs.wireshark.package option (AFAIK, that prevents the manual from being needlessly rebuilt when the package changes) 2017-02-16 21:53:09 +01:00			`{ config, lib, pkgs, ... }:`

			`with lib;`

			`let`
			`cfg = config.programs.wireshark;`
			`wireshark = cfg.package;`
programs.wireshark: use setcap wrapper 2017-02-17 13:15:59 +01:00			`in {`
nixos: add programs.wireshark option To be able to use Wireshark as an ordinary user, the 'dumpcap' program must be installed setuid root. This module module simplifies such a configuration to simply: programs.wireshark.enable = true; The setuid wrapper is available for users in the 'wireshark' group. Changes v1 -> v2: - add "defaultText" to the programs.wireshark.package option (AFAIK, that prevents the manual from being needlessly rebuilt when the package changes) 2017-02-16 21:53:09 +01:00			`options = {`
			`programs.wireshark = {`
			`enable = mkOption {`
			`type = types.bool;`
			`default = false;`
			`description = ''`
			`Whether to add Wireshark to the global environment and configure a`
programs.wireshark: use setcap wrapper 2017-02-17 13:15:59 +01:00			`setcap wrapper for 'dumpcap' for users in the 'wireshark' group.`
nixos: add programs.wireshark option To be able to use Wireshark as an ordinary user, the 'dumpcap' program must be installed setuid root. This module module simplifies such a configuration to simply: programs.wireshark.enable = true; The setuid wrapper is available for users in the 'wireshark' group. Changes v1 -> v2: - add "defaultText" to the programs.wireshark.package option (AFAIK, that prevents the manual from being needlessly rebuilt when the package changes) 2017-02-16 21:53:09 +01:00			`'';`
			`};`
			`package = mkOption {`
			`type = types.package;`
			`default = pkgs.wireshark-cli;`
			`defaultText = "pkgs.wireshark-cli";`
			`description = ''`
			`Which Wireshark package to install in the global environment.`
			`'';`
			`};`
			`};`
			`};`

			`config = mkIf cfg.enable {`
			`environment.systemPackages = [ wireshark ];`
nixos/modules: users.(extraUsers\|extraGroup->users\|group) 2018-06-30 01:58:35 +02:00			`users.groups.wireshark = {};`
programs.wireshark: use setcap wrapper 2017-02-17 13:15:59 +01:00
nixos: add programs.wireshark option To be able to use Wireshark as an ordinary user, the 'dumpcap' program must be installed setuid root. This module module simplifies such a configuration to simply: programs.wireshark.enable = true; The setuid wrapper is available for users in the 'wireshark' group. Changes v1 -> v2: - add "defaultText" to the programs.wireshark.package option (AFAIK, that prevents the manual from being needlessly rebuilt when the package changes) 2017-02-16 21:53:09 +01:00			`security.wrappers.dumpcap = {`
			`source = "${wireshark}/bin/dumpcap";`
programs.wireshark: use setcap wrapper 2017-02-17 13:15:59 +01:00			`capabilities = "cap_net_raw+p";`
nixos: add programs.wireshark option To be able to use Wireshark as an ordinary user, the 'dumpcap' program must be installed setuid root. This module module simplifies such a configuration to simply: programs.wireshark.enable = true; The setuid wrapper is available for users in the 'wireshark' group. Changes v1 -> v2: - add "defaultText" to the programs.wireshark.package option (AFAIK, that prevents the manual from being needlessly rebuilt when the package changes) 2017-02-16 21:53:09 +01:00			`owner = "root";`
			`group = "wireshark";`
			`permissions = "u+rx,g+x";`
			`};`
			`};`
			`}`